package com.qgutech.util;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Cookie utility class that adds the HttpOnly attribute by writing the Set-Cookie header directly.
 *
 * @author ChenYunfei@HF
 * @since 2016/9/13
 */
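public class LoginCookieUtil {

    /** Seconds per minute; {@link #addCookie} receives the lifetime in minutes. */
    private static final int MINUTE_SECONDS = 60;

    /**
     * Cookie names that {@link #setAllCookieHttpOnly} re-issues with the HttpOnly flag.
     * Unmodifiable so the set cannot be widened at runtime.
     * Names that used to be listed but are currently disabled: "oms_eln_session_id", "LOGIN_SOURCE".
     */
    private static final Set<String> HTTP_ONLY_COOKIE_NAMES =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("JSESSIONID")));

    /** RFC 6265 cookie-name is an RFC 2616 token: no control characters, separators or whitespace. */
    private static final Pattern COOKIE_NAME = Pattern.compile("[!#$%&'*+\\-.^_`|~0-9A-Za-z]+");

    /** RFC 6265 cookie-octet: printable US-ASCII except DQUOTE, comma, semicolon and backslash. */
    private static final String COOKIE_OCTETS = "[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*";

    /** RFC 6265 cookie-value: cookie-octets, optionally wrapped in a balanced pair of double quotes. */
    private static final Pattern COOKIE_VALUE =
            Pattern.compile(COOKIE_OCTETS + "|\"" + COOKIE_OCTETS + "\"");

    /** Path and Domain attribute values: any character except control characters and ';'. */
    private static final Pattern ATTRIBUTE_VALUE = Pattern.compile("[^\\x00-\\x1F\\x7F;]*");

    private LoginCookieUtil() {
        // static utility, not instantiable
    }

    /**
     * Adds a cookie to the response with explicit attributes.
     *
     * @param response   response that receives the Set-Cookie header
     * @param name       cookie name; must be an RFC 2616 token
     * @param value      cookie value; {@code null} is sent as an empty value
     * @param path       Path attribute, or {@code null} to omit it
     * @param age        lifetime in minutes as a decimal string; {@code "0"} expires the cookie
     *                   immediately, a non-numeric or {@code null} value yields a session cookie
     * @param domain     Domain attribute, or {@code null} to omit it
     * @param isSecure   whether to add the Secure attribute
     * @param isHttpOnly whether to add the HttpOnly attribute
     * @throws IllegalArgumentException if name, value, path or domain contain characters that
     *                                  could inject extra attributes or headers
     */
    public static void addCookie(HttpServletResponse response, String name, String value,
                                 String path, String age, String domain, boolean isSecure, boolean isHttpOnly) {
        setHttpOnly(response, name, value, getAgeIntValue(age), path, domain, isSecure, isHttpOnly);
    }

    /**
     * Re-issues the named request cookie with the given HttpOnly setting.
     * Does nothing when the request carries no cookie of that name.
     *
     * <p>Cookies parsed from a request carry only name and value: max-age, path, domain and
     * Secure are not transmitted by the browser, so the re-issued cookie becomes a session cookie
     * without Path/Domain. Secure is added when the cookie object says so or the current request
     * was received over a secure channel, so an HTTPS-issued cookie is not downgraded.
     *
     * @param response   response that receives the Set-Cookie header
     * @param request    request whose cookies are inspected
     * @param name       name of the cookie to re-issue
     * @param isHttpOnly whether to add the HttpOnly attribute
     * @throws IllegalArgumentException if the cookie name or value is not valid for Set-Cookie
     */
    public static void setCookieHttpOnly(HttpServletResponse response, HttpServletRequest request, String name, boolean isHttpOnly) {
        Cookie cookie = CookieUtil.getCookie(request, name);
        if (cookie == null) {
            return;
        }
        reissue(response, request, cookie, cookie.getPath(), isHttpOnly);
    }

    /**
     * Re-issues every request cookie listed in {@link #HTTP_ONLY_COOKIE_NAMES} with the given
     * HttpOnly setting, scoped to the web application's context path.
     *
     * @param request    request whose cookies are inspected
     * @param response   response that receives the Set-Cookie headers
     * @param isHttpOnly whether to add the HttpOnly attribute to the re-issued cookies
     * @throws IllegalArgumentException if a matching cookie's name or value is not valid for Set-Cookie
     */
    public static void setAllCookieHttpOnly(HttpServletRequest request, HttpServletResponse response, boolean isHttpOnly) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return;
        }
        // The root context reports "" as its path. Per RFC 6265 an empty Path attribute is ignored
        // and the browser falls back to the request URI's directory, which would scope the re-issued
        // cookie differently from the container's own session cookie (typically "/").
        String contextPath = request.getContextPath();
        String path = (contextPath == null || contextPath.isEmpty()) ? "/" : contextPath;
        for (Cookie cookie : cookies) {
            if (cookie != null && HTTP_ONLY_COOKIE_NAMES.contains(cookie.getName())) {
                // honour the caller's flag instead of hard-coding true
                reissue(response, request, cookie, path, isHttpOnly);
            }
        }
    }

    /**
     * Writes a Set-Cookie header that replaces {@code cookie} with the same name and value.
     *
     * @param path Path attribute to use, or {@code null} to omit it
     */
    private static void reissue(HttpServletResponse response, HttpServletRequest request,
                                Cookie cookie, String path, boolean isHttpOnly) {
        // request.isSecure() keeps the Secure flag on cookies re-issued over HTTPS; request
        // cookies themselves always report getSecure() == false
        boolean secure = cookie.getSecure() || request.isSecure();
        setHttpOnly(response, cookie.getName(), cookie.getValue(), cookie.getMaxAge(), path,
                cookie.getDomain(), secure, isHttpOnly);
    }

    /**
     * Builds and adds the Set-Cookie header.
     *
     * <p>Name, value, domain and path are validated against the RFC 6265 grammar before they are
     * concatenated; otherwise a value containing ';' or a line break could add attributes or whole
     * headers to the response.
     *
     * @param maxAge lifetime in seconds: {@code 0} expires the cookie, negative means session cookie
     * @throws IllegalArgumentException if name, value, domain or path contain disallowed characters
     */
    private static void setHttpOnly(HttpServletResponse response, String name, String value, int maxAge,
                                    String path, String domain, boolean isSecure, boolean isHttpOnly) {
        StringBuilder header = new StringBuilder();
        header.append(requireToken(name)).append('=').append(requireCookieValue(value));
        if (maxAge == 0) {
            // Max-Age=0 is the RFC 6265 way to expire a cookie; an Expires date in HTTP-date format
            // is kept for clients that ignore Max-Age. The previous "Thu Jan 01 08:00:00 CST 1970"
            // was not a valid HTTP-date.
            header.append("; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT");
        } else if (maxAge > 0) {
            header.append("; Max-Age=").append(maxAge);
        }
        // maxAge < 0: session cookie, no lifetime attribute
        if (domain != null) {
            header.append("; Domain=").append(requireAttributeValue("domain", domain));
        }
        if (path != null) {
            header.append("; Path=").append(requireAttributeValue("path", path));
        }
        if (isSecure) {
            header.append("; Secure");
        }
        if (isHttpOnly) {
            header.append("; HttpOnly");
        }
        response.addHeader("Set-Cookie", header.toString());
    }

    /** Returns {@code name} if it is an RFC 2616 token, otherwise throws. */
    private static String requireToken(String name) {
        if (name == null || !COOKIE_NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("Invalid cookie name: " + name);
        }
        return name;
    }

    /** Returns {@code value} ({@code ""} for {@code null}) if it is a valid cookie-value, otherwise throws. */
    private static String requireCookieValue(String value) {
        if (value == null) {
            return "";
        }
        if (!COOKIE_VALUE.matcher(value).matches()) {
            // the value is deliberately not echoed: it may be a session identifier
            throw new IllegalArgumentException("Cookie value contains characters not allowed in Set-Cookie");
        }
        return value;
    }

    /** Returns {@code value} if it is free of control characters and ';', otherwise throws. */
    private static String requireAttributeValue(String attribute, String value) {
        if (!ATTRIBUTE_VALUE.matcher(value).matches()) {
            throw new IllegalArgumentException("Invalid cookie " + attribute + ": " + value);
        }
        return value;
    }

    /**
     * Converts a lifetime given in minutes to seconds.
     *
     * @param age decimal minutes, surrounding whitespace tolerated; may be {@code null}
     * @return seconds, clamped to {@link Integer#MAX_VALUE}; {@code -1} (session cookie) when
     *         {@code age} is missing, not a number, or negative
     */
    private static int getAgeIntValue(String age) {
        if (age == null) {
            return -1;
        }
        try {
            // multiply as long: an int product could overflow into a negative (session) value
            long seconds = (long) Integer.parseInt(age.trim()) * MINUTE_SECONDS;
            if (seconds < 0) {
                return -1;
            }
            return seconds > Integer.MAX_VALUE ? Integer.MAX_VALUE : (int) seconds;
        } catch (NumberFormatException e) {
            return -1;
        }
    }
}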